Route-to nat same interface (source based routing + NAT)
-
Hello,
I would like to have a route group for two outgoing ISP. The issue is that when the traffic should be routed to the ip of the same interface, the nat is not applied.
Here is a POC. I have this scenario:
em0 172.16.22.1
em0 alias 172.16.99.1
pppoe0 public IP of one ISP

NAT:
nat on pppoe0 inet from 172.16.99.0/24 to any -> XX.XX.XXXX port 1024:65535 (where XX.xx.. is the public IP of the provider)
nat on em0 inet from 172.16.99.0/24 to any -> 172.16.22.1 port 1024:65535

pass in log quick on em0 route-to (pppoe0 XX.xx.xx.xx) inet from 172.16.99.0/24 to any flags S/SA keep state label "USER_RULE: a"

This is working fine: my packets originated from the 172.16.99.0/24 net are routed to pppoe0 and natted according to the rules.
BUT if I change this rule (so I simply changed the next-hop):
pass in log quick on em0 route-to (em0 172.16.22.99) inet from 172.16.99.0/24 to any flags S/SA keep state label "USER_RULE: a"

the rule is passed (logged) but no nat is applied at all!?! Why?!
I tried also another POC: with these pf-only rules this POC works:
nat on em0 inet from 172.16.99.0/24 to any -> 172.16.22.1 port 1024:65535
pass out log on em0 route-to (em0 172.16.22.99) inet proto tcp from 172.16.99.0/24 to any flags S/SA keep state

But if I replicate these rules in pfSense, it's not working because it drops everything by default, so I should apply a pass rule like this:
pass in log on em0 inet proto tcp from 172.16.99.0/24 to any
but with that … no packets are matched by the pass out rule!

If I replicate this POC with 172.16.99.0/24 configured on another physical interface instead of on the alias interface there are no problems!
What do you think?
I'm going crazy...
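When debugging a ruleset like the one above, the first thing to pin down is which interface the route-to sends each flow out of and which nat rule is attached to that interface, since pf's "nat on IFACE" translates packets leaving through IFACE. The following script is an added example, not code from the post or from pfSense: it parses a constructed copy of the two rule variants (with 203.0.113.1 and 203.0.113.254 standing in as placeholders for the ISP public IP and gateway) and reports, per route-to rule, the expected translation address and whether the flow is sent back out its ingress interface. It only describes the configuration; it does not claim to explain why pfSense skips the translation in the second variant.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed rulesets modelled on the two variants in the post. The public
# addresses are documentation-range placeholders, not a real ISP assignment.
RULESET_VIA_PPPOE = """
nat on pppoe0 inet from 172.16.99.0/24 to any -> 203.0.113.1 port 1024:65535
nat on em0 inet from 172.16.99.0/24 to any -> 172.16.22.1 port 1024:65535
pass in log quick on em0 route-to (pppoe0 203.0.113.254) inet from 172.16.99.0/24 to any flags S/SA keep state
"""

RULESET_VIA_EM0 = """
nat on pppoe0 inet from 172.16.99.0/24 to any -> 203.0.113.1 port 1024:65535
nat on em0 inet from 172.16.99.0/24 to any -> 172.16.22.1 port 1024:65535
pass in log quick on em0 route-to (em0 172.16.22.99) inet from 172.16.99.0/24 to any flags S/SA keep state
"""

# Deliberately narrow regexes: enough for the rule shapes used in the post.
NAT_RE = re.compile(r"^nat on (\S+) .*?from (\S+) to (\S+) -> (\S+)")
ROUTE_RE = re.compile(
    r"^pass (in|out) .*?on (\S+) route-to \((\S+) (\S+)\) .*?from (\S+) to")


@dataclass
class NatRule:
    iface: str
    src: str
    target: str


@dataclass
class Finding:
    direction: str
    ingress: str             # interface named in "on <iface>"
    route_iface: str         # interface named in route-to (...)
    nexthop: str
    src: str
    nat_target: Optional[str]  # address the first matching nat rule on route_iface would use
    hairpin: bool              # pass-in rule that sends the flow back out its ingress interface


def _covers(nat_src: str, rule_src: str) -> bool:
    """True if the nat rule's source spec includes the pass rule's source."""
    if nat_src == "any":
        return True
    if rule_src == "any":
        return False
    return ipaddress.ip_network(rule_src, strict=False).subnet_of(
        ipaddress.ip_network(nat_src, strict=False))


def analyze(ruleset: str) -> List[Finding]:
    """Pair every route-to pass rule with the nat rule on its egress interface."""
    nats: List[NatRule] = []
    findings: List[Finding] = []
    for raw in ruleset.strip().splitlines():
        line = raw.strip()
        m = NAT_RE.match(line)
        if m:
            nats.append(NatRule(iface=m.group(1), src=m.group(2), target=m.group(4)))
            continue
        m = ROUTE_RE.match(line)
        if m:
            direction, ingress, rt_if, nexthop, src = m.groups()
            # nat rules are first-match in pf, so take the first one on rt_if
            # whose source spec covers this rule's source.
            target = next((n.target for n in nats
                           if n.iface == rt_if and _covers(n.src, src)), None)
            findings.append(Finding(direction, ingress, rt_if, nexthop, src, target,
                                    hairpin=(direction == "in" and ingress == rt_if)))
    return findings


if __name__ == "__main__":
    for name, rs in (("via pppoe0", RULESET_VIA_PPPOE), ("via em0", RULESET_VIA_EM0)):
        for f in analyze(rs):
            print(f"{name}: {f.src} in on {f.ingress} -> out {f.route_iface} via {f.nexthop}, "
                  f"nat target {f.nat_target}, hairpin={f.hairpin}")
```

Running it shows the difference between the two variants at a glance: the first flow leaves via pppoe0 and would be translated to 203.0.113.1, the second leaves via em0 (the interface it came in on, so hairpin=True) and the nat rule that should apply is the one translating to 172.16.22.1. Comparing that expectation against what tcpdump shows on em0 is the quickest way to confirm whether the translation is really being skipped.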